
Archived

This topic is now archived and is closed to further replies.

AndrewRavenwood

Bypassing the payment step?


Hi,

 

This morning I found that an order had been placed on the site and that the 'person' making the order had not made payment through Paypal - currently the only means to make a payment on this shop.

I was initially suspect when I looked at the address which doesn't seem to be valid.

 

How is it possible to place the order without any record of it appearing in Paypal? Is this something that I can prevent? Is there potentially a loophole here, I dunno!

 

Any words of wisdom from the more experienced? Opinions?


@@AndrewRavenwood

 

There is a possibility if someone comes directly to the order confirmation page by manually punching the URL into the browser.

Which osC version are you using?



@@AndrewRavenwood

 

I think from memory if you bail on the PayPal screen the order will still be placed in your shop. Have a look at your PayPal settings; you may need to create a new order status for unpaid PayPals. This is what I did, so if I get a customer who does not complete the PayPal checkout, the order will sit in "Awaiting PayPal Payment" status.

 

cheers.


Quick update: Over the time that the shop has been running we have had a couple of these events. An order comes in but no payment is received.

Yesterday I was using my 'fake' customer to check out some layout issues in the checkout process but did not proceed to PayPal, as this was not a requirement of my testing. Later in the evening I noticed that the system had registered this as a confirmed order in exactly the same manner as the previous ones. Therefore I can only assume that the previous 'fake' orders registered by the system were in fact potential customers who for whatever reason had decided not to continue with their order.

 

To my mind I have encountered a bug which although causing initial confusion seems to be fairly harmless and not as originally thought an attempt by someone to bypass the payment step.


I would call it a bug if a customer can bail out at some point during (before?) the payment, yet it's still recorded as a sale elsewhere in the store. You wouldn't want to ship to them without having received a payment! If you can give the exact configuration (osC level, add-ons installed, PayPal service used, etc.) and where quitting causes this fake sale, I'm sure it would be useful information to the developers.

 

I seem to recall hearing about a problem where customers were successfully making payments (via PayPal) yet the order was not showing up. This was traced to an incorrect configuration where PayPal was not returning to the correct place in the program flow after OKing the payment received. It's kind of a mirror image of your problem, but maybe it will give a clue?


@@AndrewRavenwood

 

This was a known issue with v2.2 RC2a using PayPal standard where the customer would close the browser after they were redirected to PayPal to make payment. osCommerce would post the information prior to redirecting the customer and if the customer didn't return, you ended up with an order and no payment.

 

With a CERT for PayPal Standard or an API for PayPal Express, that issue is eliminated.

 

 

 

Chris



@@DunWeb It's interesting that it was a known issue in a previous version.

 

It appears to still be an ongoing issue if my experience is anything to go by, as this particular install is version 2.3 and of course does have a Paypal generated certificate although I can't see that causing the issue if the customer doesn't get as far as the Paypal redirect.

 

I am considering updating the install to the latest version but since a great deal of the site is heavily modified with many custom modules it may cause more problems than it solves.


It sounds like osC needs some code to check if payment was made, and if (apparently) not, to flag the order for further investigation (what does PayPal record), and possibly query (email the customer asking if they completed the order or bailed out). It shouldn't leave things hanging like this (post that the purchase is complete, before payment returns as complete).

Share on other sites

I see the same problem in my 2.3.1 store all the time. As soon as someone lands on the checkout confirmation page, but then leaves, the shop registers an order and takes stock out of inventory. I work around it in the way suggested by DogfoodIT. It is a damn nuisance, but I am aware of the problem so it does no harm.


I too had a few problems like this, but the order status was not changed to an actual order status where I ship products. I think it was still at PayPal pending. I just ignore these and cancel the order, restocking the cart quantities.

